How can I enable the diagnostic prompt for Windows 10 upgrades in Windows 10 v1703 and later

Introduction

On Windows 10 version 1607 and earlier during Windows 10 upgrades from one version to another, after the computer reboots to upgrade the operating system you’ll see a screen similar to the below

At this point you could press Shift and F10 to bring up a command prompt, which is extremely useful if you need to check a log file, verify driver installation or to do troubleshooting. The screenshot below is from Windows 10 version 1607 which was being upgraded from Windows 10 version 1511.

Security changes everything

However there’s a downside to this, having the ability to open a command prompt in the wrong hands could mean elevation of privileges or data theft.

We all know that security is a big focus with Microsoft and as a direct result of the concerns above, the diagnostic prompt ability was disabled by default in Windows 10 version 1703 and later. That’s all well and good for Joe public, but what about the SCCM admin who is trying to debug a task sequence ? Fear not, help is at hand.

To re-enable the Diagnostic command prompt (Shift F10 during Windows setup in an upgrade scenario) you need to modify your task sequence to set a variable, and that variable is called OSDSetupAdditionalUpgradeOptions which is described here. This variable allows us to pass command line options to Windows setup during the upgrade and that’s how we’ll re-enable the diagnostic command prompt, however we don’t want it available to everyone, except those ‘in the know’, aka the SCCM admins who need more info while troubleshooting.

Step 1. Set a task sequence variable

To make this work you need to add a Set Task Sequence Variable step before the Upgrade Operating system step in the Upgrade Task Sequence, like so.